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I CLAIM: 

1. An asymmetrical cryptographic method of protecting a 
hard-wired electronic logic chip against fraud in 

5 transactions between the electronic chip and an 

application, including calculating an authentication 
value V from input parameters in the electronic chip, 
said method comprising the steps of: 

- 1) the chip producing a pseudo-random number r 
10 specific to the transaction by means of a serial pseudo- 
random generator included in the chip, 

- 2) the chip sending the application a parameter x 
calculated by the application prior to the transaction, 
linked to the random number r by a mathematical 

15 relationship, and stored in a data memory of the chip, 

- 3) the chip calculating a parameter y_ 
constituting the whole or a portion of the authentication 
value V by means of a serial function whose input 
parameters are at least the random number r specific to 

20 the transaction and a private key _s belonging to an 
asymmetrical pair of keys, 

- 4) the chip sending the authentication value V to 
the application, and 

- 5) the application verifying said authentication 
25 value V by means of a verification function whose input 

parameters consist exclusively of public parameters 
including at least the public key p. 

2. A method according to claim 1, wherein producing the 
30 random number r specific to the transaction comprises: 

- mixing some or all of the input parameters by 
means of a mixing function and supplying a series of bits 
as the output of the mixing function, 

- changing the state of a finite state automaton 
35 from an old state to a new state in accordance with a 

function depending at least on the old state and a value 
of the series of bits, and 
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- determining a series of random bits to form the 
whole or a portion of the random number r by means of an 
output function having input arguments including at least 
a state of the automaton. 

5 

3. A method according to claim 2, wherein one input 
parameter is a secrete key K shared by the chip and the 
application and stored in a protected memory region of 
the chip. 

10 

4. A method according to claim 1, wherein the 
mathematical relationship comprises a function g r in a set 
G of items g provided with an operation having at least 
the property of being associative. 

15 

5. A method according to claim 4, wherein the set G is 
the group Z n * of positive or null integers less than n and 
prime with n. 

20 6. A method according to claim 4, wherein the set G is 
any elliptical curve constructed on any finite body. 

7. A method according to claim 1, wherein the serial 
function is an arithmetical function executing operations 

25 from a list comprising addition, subtraction, and left- 
or right-shifts. 

8. A method according to claim 7, wherein the 
arithmetical function executes only addition. 

30 

9. A method according to claim 7, wherein the 
arithmetical function executes only subtraction. 

10. A method according to claim 7 , wherein the 

35 arithmetical function input arguments further include 
input parameters and the arithmetical function entails 
executing one of the operations y = r and y = r + s as a 
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function of the value assigned by the application to an 
input parameter t of the serial function. 

11. A method according to claim 10, wherein the 

5 mathematical relationship comprises a function g r in a set 
G of items c[ provided with an operation having at least 
the property of being associative and wherein the 
verification function compares the result obtained by 
applying the function to the authentication value V with 

10 either the value x or the product of the value x and the 
public key p of the chip corresponding to its secret key 
s, as a function of the parameter t, which amounts to 
testing one of the equations g y = x and g y = xp, as a 
function of the value of the parameter t, where y_ is 

15 equal to the authentication value V and p is the public 
key of the chip corresponding to its secret key _s, as 
defined by the function p = g s . 

12. A method according to claim 7, wherein the 

20 arithmetical function has for further input arguments 
input parameters and comprises executing the operation 
y = r or the operation y = r - s as a function of the 
value assigned by the application to an input parameter t 
of the serial function. 

25 

13. A method according to claim 12, wherein the 
mathematical equation comprises a function g r in a set G 
of items cj provided with an operation having at least the 
property of being associative and wherein the 

30 verification function compares the result obtained by 

applying the mathematical equation to the authentication 
value V with the value x or with the product of the value 
x and the public key p of the chip corresponding to its 
secret key s, as a function of the value of the parameter 

35 t, which amounts to testing the equation g y = x or the 
equation g y .p = x, as a function of the value of the 
parameter t, where y is equal to the authentication value 
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V and p is the public key of the chip corresponding to 
its secret key s, as defined by the equation p = g s . 

14. A method according to claim 7, wherein the 

5 arithmetical function has for further input arguments 

input parameters and comprises executing the operation y 
= r + 2 x s as a function of the value assigned by the 
application to an input parameter t of the serial 
function, said parameter t comprising a string of m bits 
10 in which only one bit ti is equal to 1, m being a natural 
integer . 

15. A method according to claim 14, wherein the 
mathematical relationship comprises a function g r in a set 

15 G of items cf provided with an operation having at least 
the property of being associative and wherein the 
verification function tests the equation g y = xp 2 , as a 
function of the value of the parameter t, where y_ is 
equal to the authentication value V and £ is the public 

20 key of the chip corresponding to its secret key s, as 
defined by the function p = g s . 

16. A method according to claim 7 , wherein the 
arithmetical function has for further input arguments 

25 input parameters and comprises executing the operation y 
= r + 2 t s as a function of the value assigned by the 
application to an input parameter t of the serial 
function. 

30 17. A method according to claim 16, wherein the 

mathematical relationship comprises a function g r in a set 
G of items £ provided with an operation having at least 
the property of being associative and wherein the 
verification function tests the equation g y = xp , as a 

35 function of the value of the parameter t, where y is 

equal to the authentication value V and £ is the public 
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key of the chip corresponding to its secret key s, as 
defined by the function p = g s . 

18. A method according to claim 7, wherein the 

5 arithmetical function has for further input arguments 

input parameters and executes the operation y = r + ts as 
a function of the value assigned by the application to an 
input parameter t of the serial function, where t is an 
integer. 

10 

19. A method according to claim 18, wherein the 
mathematical relationship comprises a function g r in a set 
G of items 2 provided with an operation having at least 
the property of being associative and wherein the 

15 verification function compares the result obtained by 

applying the function to the authentication value V with 
the value x or the product of the value x and the public 
key g of the chip corresponding to its secret key s, as a 
function of the value of the parameter t, which amounts 

20 to testing the equation g y = xp% as a function of the 
value of the parameter t, where y is equal to the 
authentication value V and p is the public key of the 
chip corresponding to its secret key s, as defined by the 
function p = g s . 

25 

20. A method according to claim 1, wherein the parameter 
x sent from the chip to the application is the result of 
applying a hashing function to at least one item linked 
to the random number r by a mathematical function and to 

30 an optional field D containing data linked to the 
application. 

21. A method according to claim 20, wherein the 
arithmetical function has for further input arguments 

35 input parameters and executes the operation y = r + 2 i s as 
a function of the value assigned by the application to an 
input parameter t of the serial function, said parameter 



24 



t comprising a string of m bits in which only one bit t± 
is equal to 1, where m is a natural integer. 

22. A method according to claim 21, wherein the 

5 mathematical relationship comprises a function g r in a set 
G of items cf provided with an operation having at least 
the property of being associative and wherein the 
verification function tests the equation h(g y /p , D) = x, 
as a function of the value of the parameter t, where y is 
10 equal to the authentication value V and p is the public 
key of the chip corresponding to its secret key £, as 
defined by the function p = g s . 

23. A method according to claim 21, wherein the 

15 mathematical relationship comprises a function g r in a set 
G of items cj provided with an operation having at least 
the property of being associative and wherein the 
verification function tests the equation h(g y . p , D) = x, 
where is equal to the authentication value V and £ is 

20 the public key of the chip corresponding to its secret 
key s, as defined by the function p = g" s . 

24. A method according to claim 20, wherein the 
arithmetical function has for further input arguments 

25 input parameters and executes the operation y = r - 2 i s as 
a function of the value assigned by the application to an 
input parameter t of the serial function, said parameter 
t comprising a string of m bits in which only one bit t± 
is equal to 1, where m is a natural integer. 

30 

25. A method according to claim 24, wherein the 
mathematical relationship comprises a function g r in a set 
G of items cj provided with an operation having at least 
the property of being associative and wherein the 

35 verification function tests the equation h(g y .p ,D) = x, 
where y_ is equal to the authentication value V and £ is 
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the public key of the chip corresponding to its secret 
key s, as defined by the function p = g" s . 

26. A method according to claim 20, wherein the 

5 mathematical function comprises a function g r in a set G 
of items cj provided with an operation having at least the 
property of being associative and wherein the parameter x 
sent from the chip to the application is the result of 
applying a relationship of the type x = h(g r ,D), where D 
10 designates an optional field containing data linked to 
the application and h is the hashing function. 

27. A method according to claim 26, wherein the serial 
function has input arguments in the form of input 

15 parameters and executes either the operation y = r or the 
operation y = r + s as a function of the value assigned 
by the application to an input parameter t of the serial 
function and wherein the verification function compares 
the value x to the value h(g y ,D) or the value h(g y .p,D) as 

20 a function of the value of the parameter t, where y is 
equal to the authentication value V and p is the public 
key of the chip corresponding to its secret key s, as 
defined by the equation p = g" s . 

25 28. A method according to claim 26, wherein the serial 
function has for input arguments input parameters and 
executes either the operation y = r or the operation y = 
r + s as a function of the value assigned by the 
application to an input parameter t of the serial 

30 function and wherein the verification function compares 
the value x to the value h(g y , D)or the value h(g y .p,D) as 
a function of the value of the parameter t, where y is 
equal to the authentication value V and p is the public 
key of the chip corresponding to its secret key s, as 

35 defined by the equation p = g~ s . 

29. A method according to claim 26, wherein the serial 
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function has for input arguments input parameters and 
executes either the operation y = r or the operation y = 
r - s as a function of the value assigned by the 
application to an input parameter t of the serial 
5 function and wherein the verification function compares 

the value x to the value h(g y ,D) or the value h(g y .p,D) as 
a function of the value of the parameter t, where y_ is 
equal to the authentication value V and £ is the public 
key of the chip corresponding to its secret key s^ as 
10 defined by the equation p = g s . 

30. A method according to claim 7 , wherein the set G is 
the group Z n * of positive or null integers less than n and 
prime with n. 

15 

31. A method according to claim 7 , wherein the set G is 
any elliptical curve constructed on any finite body. 

32. A device including an electronic chip according to 
20 claim 1 and adapted to implement an asymmetrical 

cryptographic method of protecting the electronic chip 
against fraud in transactions between the electronic chip 
and an application, the method comprising the electronic 
chip calculating an authentication value V from input 
25 parameters, and said device comprising: 

- a serial pseudo-random generator for producing a 
random number r specific to the transaction, 

- first memory means for storing one or more values 
of the parameter x calculated prior to the transaction by 

30 the application and linked by a mathematical relationship 
to the value of the random number r, 

- means for sending the parameter x linked to the 
random number r specific to the transaction from the chip 
to the application, 

35 - means for executing a serial function having as 

input parameters at least the random number r specific to 
the transaction and a private key s belonging to an 
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asymmetrical pair of keys and providing as output a 
parameter y_, and 

- output means adapted to construct the 
authentication value V from at least the parameter 

33. A verification device for executing an asymmetrical 
cryptographic method of protecting an electronic chip 
according to claim 1 against fraud in transactions 
between the electronic chip and an application, said 
method comprising verifying an authentication value V 
calculated by the electronic chip from exclusively public 
parameters and said device comprising means for executing 
the verification function taking as input at least the 
authentication value V and the public key p. 



